Resolving Network Issues on IPO - putting IPO on Public Internet

[Jimbo2015]

We have been having a nightmare resolving an intermittent SIP issue with a customer which makes many International calls.

They have complained of echo, latency, calls not connecting and many calls dropping.

We routed calls through a different SIP provider to see if that would resolve the issue and there were no reports of echo or latency but still reports of calls not connecting and calls dropping.

We used pingtest.net and that showed a ping at 4ms and jitter at 1ms although this was done out of hours.

They have a 100MB leased line which is set up to run through a Cisco ASA and we would now like to eliminate the Cisco as the issue.

Their IT have asked if the IPO can be internet facing with a public IP on its WAN interface and handing NAT/PAT so that we can bypass the Cisco ASA altogether?

This is not something I have done before and I am not sure how to do this and this will need to be set up on LAN 2 of the attached config. Please can someone explain what settings I would need to change on LAN 2 so that we can bypass the ASA?

i.e which firewall/NAT type? Do we need to enter anything in the binding refresh time? What do we enter on the Public port, UDP, TCP and TLS.

Is there anything else to consider when setting this up?

Thanks in advance,

 

[amriddle01]

Your title says it all, you can't resolve network issues on the IPO, it's the network

 

[Jimbo2015]

I am sure it is the network but surely if we can put the IPO on the public internet this will take the ASA as the cause out of the equation.

P.s I could of chosen a better title

 

[Westi]

If you do that for testing then make sure that
1. all your passwords are changed (better even change all user names too)
2. turn off all interfaces you don't need (TFTP,TAPI, http ....)
3. do not have a 0.0.0.0 route but create IP routes just for the connections you need (SIP provider, DNS server, your office so you can access it remotely via Internet)
4. Have all passwords set to something better than 1234 so that nobody logs on to the system with these
5. turn off h.323 and SIP extensions on that interface

I still would be afraid to do it but that should keep you relatively save until you know if the ASA is the problem or not.

Make sure that the interface on the ASA towards your IPO is set to auto negotiate because if hardcoded to 100 meg it can cause issues

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter

 

[janni78]

I don't quite follow.

You say that when you switched SIP provider the sound issues went away?
And now you only have issue with calls not connecting and calls disconnecting?

In that case monitor tracing should be enough to see why this is happening.
Just be sure policy-inspection for SIP is disabled in ASA.

"Trying is the first step to failure..." - Homer

 

[IPGuru]

Their IT have asked if the IPO can be internet facing with a public IP on its WAN interface and handing NAT/PAT so that we can bypass the Cisco ASA altogether?

Tel the IT dept only if they want their system to be hacked.



Do things on the cheap & it will cost you dear

 

[amriddle01]

They just need to monitor how much bandwidth is being used when the quality drops off, if it's bandwidth related then what they're asking will not make a difference as it's still sharing it